It’s Cybersecurity Awareness Month! Join our interactive training session, or learn about security and AI from 1Password experts.
Fingerprint sensor support on remote systems?
Hello, maybe I missed something. Hence, I am asking before buying a new Mac Keyboard with sensor ... I use 1Password for: local stuff on my Mac on remote systems over ssh Visual Studio Code (VSC) remote over ssh VSC Docker devcontainers on remote Linux systems (In VSC open a folder on a remote system, open the project folder in docker devcontainers) Typing in the vault password is a cumbersome thing, when done too often, and restarting and rebuilding the containers, are new shells / terminals requesting entering the 1Password vault password often. Hence, I am looking for a way to make this simpler and hoped for support of the fingerprint sensor on remote systems.
ssh not working in dev-containers/wsl2 after last update...
Hello community! I need straightforward way to work with wsl2 and dev-containers.... It's always some level of nightmare to work with 1Password and SSH agents on Windows11/WSL: Could you help with WORKING SOLUTION (manual, article) for wsl2 and dev-containers to be able to work with Git and commit signing. I use Docker Desktop + WSL2 as a backend, GitHub SSH key for auth and commit signing. For now, I don't see ways better than use private keys in files with ssh configs. One time I used this for setup, but last week all functionality dropped again: https://vinialbano.com/how-to-sign-git-commits-with-1password/ reference repo here: https://github.com/levpa/golang-tryNew: JWT Decoding Support
Hi all, Just released today, you can now decode JWT (JSON Web Tokens) directly in the 1Password desktop app. No more do you have to dump your tokens into websites. Learn more about it in the announcement post. What other things can we add to help ease your development flow?Developer Newsletter (Aug 2025)
Hi all, I just wanted to drop a note and let everyone know that the August Edition of the Developer Newsletter just dropped. Developer newsletter: August 2025 | 1Password Community Here's a preview of what you'll learn about Community highlights → Project - varlock by DMNO (phildmno) : open source schema-powered .env tool. Guide - Flatpak VSCode + Toolbox + 1Password workflow by ThePhatLe 1Password Environments (beta) + Admin Panel support → streamline sharing and managing env vars securely across teams. MCP Server for Trelica → practical example of using agentic AI safely with least-privilege access. HashiCorp HCP Vault Secrets migration guide → immediate need for teams impacted by the August 2025 sunset. 1Password Marketplace → explore or contribute integrations; request what you need next. Podcast: Random but Memorable, Season 15 → dev productivity hacks, AI security, and identity protection. Reading picks → API key best practices Linux hitting 5% desktop share (relevant for 1Password Linux users) CLI scripting with 1Password (Rob Allen).Developer Doc "bugs"
As we are starting to develop utilizing 1Password SDK, I have been finding some "bugs" in the documentation. I would love to see these updated (to help other people). We have been having to create our own internal documentation. From: https://developer.1password.com/docs/sdks/manage-items/#update-an-item Update an item To update an item, fetch the item you want to update, specify the changes you want to make, then pass the updated item to the client.Items.Put function. # Update a field in your item item.fields[0].value = "new_value" item.websites.append( Website( label="my custom website 2", url="https://example2.com", autofill_behavior=AutofillBehavior.NEVER, ), ) updated_item = await client.items.put(item) Website is not a data type: NameError: name 'Website' is not defined From the page: https://developer.1password.com/docs/sdks/concepts/#field-types There is no Data Type "Website", but there is a Data Type "Url", which I also tried, and it does not work either: NameError: name 'Url' is not defined I finally, looking at the source code figured out that I had to do yet another "import": from onepassword.types import ItemField, Website, AutofillBehavior to make this work. Is there other documentation pages that go over all the other parts of "types.py" that tell us when they are used, where it is used, and how to do import for them? Same goes for other code pages (secrets, items, errors, vaults, etc..)Documentation Correction:
From: https://developer.1password.com/docs/sdks/manage-items Under "Address": fieldType should be field_type, and sdk.ItemFieldType.Address should be ItemFieldType.ADDRESS sectionID should be section_id { id: "address", title: "Address", sectionId: "custom section", fieldType: sdk.ItemFieldType.Address, value: "", details: { type: "Address", content: { street: "1234 Elm St", city: "Springfield", country: "USA", zip: "12345", state: "IL", }, }, },OpenAI API Keys... Oh mai
Just a heads up, on Github, a crafty person created a query to find OpenAI API keys via search. I'm not going to link to it, but here are some resources if you fall into this camp! We have an entire blog post from 2023 about this topic https://blog.1password.com/openai-chatgpt-exposed-api-keys/ AI Agents + 1Password (Blog) https://developer.1password.com/docs/sdks/ai-agent CLI https://developer.1password.com/docs/cli/secret-references SDK (Python, Go & Typescript/JS) https://developer.1password.com/docs/sdks/load-secrets GitHub Actions with 1Password (hide API keys in CI/CD) https://developer.1password.com/docs/ci-cd/github-actionsopenv – A simple CLI tool to wrap commands with 1Password secrets from .env
Hey folks, 👋 I just released a new version of a small command-line tool I’ve been working on called openv. 💡 What it does: It automatically wraps selected dev commands (like npm dev, pnpm run, etc.) with op run, if your project’s .env file contains op:// secrets from 1Password. So instead of manually writing: run --env-file=.env -- npm run dev You can just type, as you would normally do: npm run dev And it will be wrapped automatically via a shell hook. 🧠 Why I built it: This started as a personal tool because I kept forgetting to wrap my dev commands with op run, and I wanted a smoother experience that "just works" based on .env contents. It hooks into ZSH (likely direnv), with support for allow/deny patterns (e.g., only wrap certain commands like pnpm start). 🛠️ Tech: Written in Rust Works in ZSH, Bash, and Fish Installable via Homebrew Fully local 🧪 Notes: This is an early release, mainly developed for my personal use. I’m sharing it here in case others find it useful. Feedback, issues, or even feature ideas are very welcome — but no pressure! GitHub: https://github.com/andrea11/openv Thanks for reading — and happy coding! 🚀.env accessed?: Lesson learned from a drained crypto wallet
A user on X recently lost their entire crypto wallet after installing a malicious extension in Cursor.ai. The extension accessed their .env file, extracted private keys, and sent them to an attacker’s server. The wallet was drained within 27 minutes. Sadly a hard lesson to learn from. What steps would you recommend to secure their setup? Read - https://x.com/0xzak/status/1955265807807545763?s=46&t=WQd8UVBBGk_pyHB3pNwGsA
